<?php
include 'header.php';
?>

<!----------------------------------------FIN de la  partie qui concerne le SLIDER ---------------------------------------->

</div>

</div>

<section>
<colonne_centre>

<?php

include 'forum/connect.php';

echo '<h3>Sign in</h3><br />';

//first, check if the user is already signed in. If that is the case, there is no need to display this page
if (isset($_SESSION['signed_in']) && $_SESSION['signed_in'] == true) {
	echo 'You are already signed in, you can <a href="logout.php">sign out</a> if you want.';
} else {
	if ($_SERVER['REQUEST_METHOD'] != 'POST') {
		/*the form hasn't been posted yet, display it
		 note that the action="" will cause the form to post to the same page it is on */
		echo '<form method="post" action="">
			Email: <input type="text" name="user_email" /><br />
			Password: <input type="password" name="user_pass"><br />
			<input type="submit" value="Sign in" />
		 </form>';
	} else {
		/* so, the form has been posted, we'll process the data in three steps:
		 1.	Check the data
		 2.	Let the user refill the wrong fields (if necessary)
		 3.	Varify if the data is correct and return the correct response
		 */
		$errors = array();
		/* declare the array for later use */

		if (!isset($_POST['user_email'])) {
			$errors[] = 'The email field must not be empty.';
		}

		if (!isset($_POST['user_pass'])) {
			$errors[] = 'The password field must not be empty.';
		}

		if (!empty($errors))/*check for an empty array, if there are errors, they're in this array (note the ! operator)*/
		{
			echo 'Uh-oh.. a couple of fields are not filled in correctly..<br /><br />';
			echo '<ul>';
			foreach ($errors as $key => $value)/* walk through the array so all the errors get displayed */
			{
				echo '<li>' . $value . '</li>';
				/* this generates a nice error list */
			}
			echo '</ul>';
		} else {
			//the form has been posted without errors, so save it
			//notice the use of mysql_real_escape_string, keep everything safe!
			//also notice the sha1 function which hashes the password
			$sql = "SELECT 
						user_id,
						user_email,
						user_level
					FROM
						users
					WHERE
						user_email = '" . mysql_real_escape_string($_POST['user_email']) . "'
					AND
						user_pass = '" . sha1($_POST['user_pass']) . "'";

			$result = mysql_query($sql);
			if (!$result) {
				//something went wrong, display the error
				echo 'Something went wrong while signing in. Please <a href="login.php">try again</a>.';
				echo mysql_error();
				//debugging purposes, uncomment when needed
			} else {
				//the query was successfully executed, there are 2 possibilities
				//1. the query returned data, the user can be signed in
				//2. the query returned an empty result set, the credentials were wrong
				if (mysql_num_rows($result) == 0) {
					echo 'You have supplied a wrong user/password combination. Please <a href="login.php">try again</a>.';
					
				} else {
					//set the $_SESSION['signed_in'] variable to TRUE
					$_SESSION['signed_in'] = true;

					//we also put the user_id and user_email values in the $_SESSION, so we can use it at various pages
					while ($row = mysql_fetch_assoc($result)) {
						$_SESSION['user_id'] = $row['user_id'];
						$_SESSION['user_email'] = $row['user_email'];
						$_SESSION['user_level'] = $row['user_level'];
					}
					

					//echo 'Welcome, ' . $_SESSION['user_email'] . '. <br /><a href="index.php">Proceed to the forum overview</a>.';
					header('Location: public_profile.php');
					
					
					
				}
			}
		}
	}
}
?> 
	 
                </colonne_centre>
				
                <colonne_g>
                    <h1>Polytech'Montpellier</h1></br>
					
                    <p id="photo_colonne_g"><img src="images/logogo.jpg" /></p></br>
                    <p>L’école polytechnique universitaire de Montpellier est l’école d’ingénieurs de l’Université Montpellier 2.</p></br>
                    <p> > Plus de 40 ans d’existence (création en 1969, sous le nom de « ISIM »)  </br>
						> 1.200 élèves en formation (dont une centaine d’étrangers)</br>
						> 150 enseignants</br>
						> 50 personnels administratifs et techniques</br>
						> 14 laboratoires de recherche associés</br></p>
                </colonne_g>
            </section>
            </div>
              
            
            
        </div>
    </body>
</html>
